Researchers at ESET, a developer of IT security software and services for businesses and consumers worldwide, have been analyzing samples of dangerous malware (detected by ESET as Win32/Industroyer and named “Industroyer”) capable of performing an attack on power supply infrastructure. The malware was likely involved in the December 2016 cyberattack on Ukraine’s power grid that deprived part of its capital, Kiev, of power for more than an hour.
ESET researchers discovered that Industroyer is capable of directly controlling electricity substation switches and circuit breakers. It uses industrial communication protocols that are deployed worldwide in power supply infrastructure, transportation control systems, and other critical infrastructure. The potential impact may range from simply turning off power distribution, through triggering a cascade of failures, to more serious damage to equipment.
Additional technical details on the malware and analysis can be found in an article and in a comprehensive white paper on ESET’s blog, WeLiveSecurity.com.